
Sources


Last updated 2 years ago

The journey of tracking personal data starts from “sources”. These are the variables, classes and structures in the code that represent personal data. Sources are divided into 22 categories, with a separate file for each category. You can see them in the rules/sources folder. Each file in the folder contains the rules for the data elements belonging to that category.

Example

From the account_data.yaml file:

sources:
  
  - id: Data.Sensitive.FinancialData.BankAccountDetails
    name: Bank Account Details
    category: Financial Data
    isSensitive: False
    sensitivity: high
    patterns:
      - "(?i).*((?<!question)bank[^\\s/(;)#|,=!>]*(?:name|account|details|detail|address|country|(swift|bic)-code|(swift|bic)_code)|bank[^\\s/(;)#|,=!>]*account[^\\s/(;)#|,=!>]*details|(swift|bic)[-_]code|(swift|bic)code)"
    tags:
      law: GDPR

Organization

Sources are present in the rules/sources directory and are organized as follows:

|__rules
   |__sources
   |  |__account_data.yaml
   |  |__audio_visual_sensory_data.yaml
   |  |__background_check_data.yaml
   |  |__biometric_data.yaml
   |  |__contact_data.yaml
   |  |__education_background_data.yaml
   |  |__financial_data.yaml
   |  |__health_data.yaml
   |  |__location_data.yaml
   |  |__national_identification_numbers.yaml
   |  |__online_identifiers.yaml
   |  |__personal_characteristics.yaml
   |  |__personal_identification.yaml
   |  |__professional_employment_background_data.yaml
   |  |__purchase_data.yaml
   |  |__social_media_data.yaml
   |  |__spouse_family_dependend_data.yaml
   |  |__technical_data.yaml
   |  |__usage_data.yaml
   |  |__user_content_data.yaml
   |  |__vehicle_data.yaml
   |  |__workplace_monitoring_data.yaml

Execution

When the code is scanned, Privado first marks the “sources”, then tracks their journey to sinks such as third parties, databases, and logs.
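The marking step can be illustrated with the rule from the example above. This is an added sketch, not Privado's own code: it assumes Python's `re` treats the pattern the same way as the regex engine Privado uses, and the helper names `matching_rules` and `mark_sources` and the sample snippet are constructed for illustration.

```python
import re

# The rule from the page as it looks after YAML parsing
# (the double-quoted YAML "\\s" becomes the regex escape \s).
RULES = [{
    "id": "Data.Sensitive.FinancialData.BankAccountDetails",
    "name": "Bank Account Details",
    "patterns": [
        r"(?i).*((?<!question)bank[^\s/(;)#|,=!>]*(?:name|account|details|detail|address|country|(swift|bic)-code|(swift|bic)_code)|bank[^\s/(;)#|,=!>]*account[^\s/(;)#|,=!>]*details|(swift|bic)[-_]code|(swift|bic)code)"
    ],
}]

COMPILED = [(r["id"], [re.compile(p) for p in r["patterns"]]) for r in RULES]

# Hypothetical tokenizer: anything that looks like an identifier.
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def matching_rules(identifier):
    """Return the ids of every rule with a pattern that matches the identifier."""
    return [rid for rid, pats in COMPILED
            if any(p.search(identifier) for p in pats)]


def mark_sources(code):
    """Map each identifier in `code` that matches a source rule to its rule ids."""
    marked = {}
    for ident in IDENTIFIER.findall(code):
        ids = matching_rules(ident)
        if ids:
            marked[ident] = ids
    return marked


# Constructed sample input, not taken from any real code base.
SAMPLE = """
String bankAccountNumber = form.get("iban");
String swiftCode = form.get("swift");
String securityQuestionBankName = form.get("answer");
int riverbank = 3;
logger.info(bankAccountNumber);
"""

if __name__ == "__main__":
    for ident, ids in mark_sources(SAMPLE).items():
        print(ident, "->", ids)
```

The `(?<!question)` lookbehind guards only the first alternative, so `securityQuestionBankName` is not marked, while a name such as `questionBankAccountDetails` still matches through the second alternative.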
